convert SSH URL to HTTPS (#179)

This commit is contained in:
eric sciple 2020-03-10 10:45:50 -04:00 committed by GitHub
parent b4626ce19c
commit 80602fafba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 19 deletions

View File

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@ -48,7 +48,7 @@ jobs:
- name: Modify work tree
shell: bash
run: __test__/modify-work-tree.sh
- name: Clean checkout
- name: Checkout clean
uses: ./
with:
ref: test-data/v2/basic
@ -58,12 +58,12 @@ jobs:
run: __test__/verify-clean.sh
# Side by side
- name: Side by side checkout 1
- name: Checkout side by side 1
uses: ./
with:
ref: test-data/v2/side-by-side-1
path: side-by-side-1
- name: Side by side checkout 2
- name: Checkout side by side 2
uses: ./
with:
ref: test-data/v2/side-by-side-2
@ -73,7 +73,7 @@ jobs:
run: __test__/verify-side-by-side.sh
# LFS
- name: LFS checkout
- name: Checkout LFS
uses: ./
with:
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
@ -85,29 +85,29 @@ jobs:
run: __test__/verify-lfs.sh
# Submodules false
- name: Submodules false checkout
- name: Checkout submodules false
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-false
- name: Verify submodules false
run: __test__/verify-submodules-false.sh
# Submodules one level
- name: Submodules true checkout
- name: Checkout submodules true
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-true
submodules: true
- name: Verify submodules true
run: __test__/verify-submodules-true.sh
# Submodules recursive
- name: Submodules recursive checkout
- name: Checkout submodules recursive
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-recursive
submodules: recursive
- name: Verify submodules recursive
@ -127,7 +127,7 @@ jobs:
- name: Override git version (Windows)
if: runner.os == 'windows'
run: __test__\\override-git-version.cmd
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
@ -153,7 +153,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@ -185,7 +185,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@ -198,7 +198,7 @@ jobs:
# Basic checkout using REST API
- name: Override git version
run: __test__/override-git-version.sh
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic

15
dist/index.js vendored
View File

@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) {
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
this.insteadOfValue = `git@${HOSTNAME}:`;
this.temporaryHomePath = '';
this.git = gitCommandManager;
this.settings = gitSourceSettings || {};
@ -5140,11 +5142,15 @@ class GitAuthHelper {
else {
yield fs.promises.writeFile(newGitConfigPath, '');
}
// Configure the token
try {
// Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
// Configure the token
yield this.configureToken(newGitConfigPath, true);
// Configure HTTPS instead of SSH
yield this.git.tryConfigUnset(this.insteadOfKey, true);
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
}
catch (err) {
// Unset in case somehow written to the real global config
@ -5160,7 +5166,12 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
];
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
// Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) {

View File

@ -34,6 +34,8 @@ class GitAuthHelper {
private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
private readonly tokenPlaceholderConfigValue: string
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
private temporaryHomePath = ''
private tokenConfigValue: string
@ -92,13 +94,19 @@ class GitAuthHelper {
await fs.promises.writeFile(newGitConfigPath, '')
}
// Configure the token
try {
// Override HOME
core.info(
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
)
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
// Configure the token
await this.configureToken(newGitConfigPath, true)
// Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true)
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
} catch (err) {
// Unset in case somehow written to the real global config
core.info(
@ -114,8 +122,13 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
]
const output = await this.git.submoduleForeach(
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
commands.join(' && '),
this.settings.nestedSubmodules
)